Kasi Research Project Tekes Safety and Security Research Program Final Report, March 11, 2011 Olli Pitkänen, Risto Sarvas, Asko Lehmuskallio, Miska Simanainen, Vesa Kantola Helsinki Institute for Information Technology HIIT / Aalto University Mika Rautila, Arto Juhola, Heikki Pentikäinen VTT Technical Research Centre of Finland Ossi Kuittinen Sitra
This report presents the major findings of the research project Kasi – Future Information Security Trends (Kasi – tulevaisuuden tietoturvatrendit) conducted by Helsinki Institute for Information Technology HIIT and VTT Technical Research Centre of Finland. The project is a part of Tekes Safety and Security Research Program (Tekesin Turvallisuus-ohjelma) and its purpose is to provide rigorous and systematic foreseeing knowledge for the implementation of the Finnish National Information Security Strategy (kansallinen tietoturvastrategia). The aim of the project was to study near-future information security issues that are related to, for example, new technologies, services, and business models. Our approach combines perspectives from different disciplines in order to better address the complexity of the focus area. We identified relevant future information security trends especially from the Finnish viewpoint in the next five to ten years by collecting and analysing specialists’ conceptions and knowledge of the various developments in their professional fields. In order to deepen the analysis, we also specified factors and attributes that affect the realization of the trends. In addition, our objective was to evaluate the need for establishing a separate program for continuous foreseeing activities and provide methodological and procedural guidelines for carrying it out. Our research process went through five separate steps: 1) outlining possible future environments, 2) creating concrete future scenarios or stories, 3) analyzing information security issues in the scenarios, 4) identifying information security trends, and 5) specifying factors and attributes that affect the realization of the trends. Our major findings concerning the future information security trends in Finland in a 5 to 10 years scale are the following: 1. The interdependency between societal processes and information systems increases 2. New interdependencies between organizations and the state emerge 3. Information security issues become more international 4. Needs to manage private or confidential information and public appearances in ICT environments increase 5. Protection of personal data becomes a considerable political issue 6. It becomes increasingly difficult to ensure the correctness of information 7. The correctness of information becomes increasingly important 8. Data gathering increases 9. Data combination from different sources increases 10. Traceability of persons and goods increases 11. Malicious action against information systems increases 12. Quality and security issues are increasingly taken into account in software development 13. Automation/autonomous systems are increasingly employed to effect security 14. Availability of information increases as the public information resources are opened 15. Commercial interests drive actors to restrict access to proprietary information resources 16. Governance of access to information resources in organizations becomes more difficult
Realization and intensity of the trends are dependent on several factors that we have categorized as societal, economic, technological, and legal. The factors have either intensifying or constraining effects on the trends and the intensity of their effect varies. We believe our work on future information security trends and issues and on the methodological questions of reliable foreseeing activities provides relevant information for commercial, policy and scientific interests. We propose that in order to get reliable foreseeing results in the long term, the process...